Updated thunderbird packages fix security vulnerability
Publication date: 06 Feb 2018Modification date: 06 Feb 2018
Type: security
Affected Mageia releases : 5 , 6
CVE: CVE-2018-5095 , CVE-2018-5096 , CVE-2018-5097 , CVE-2018-5098 , CVE-2018-5099 , CVE-2018-5102 , CVE-2018-5103 , CVE-2018-5104 , CVE-2018-5117 , CVE-2018-5089
Description
Integer overflow in Skia library during edge builder allocation.
(CVE-2018-5095)
Use-after-free while editing form elements. (CVE-2018-5096)
Use-after-free when source document is manipulated during XSLT.
(CVE-2018-5097)
Use-after-free while manipulating form input elements. (CVE-2018-5098)
Use-after-free with widget listener. (CVE-2018-5099)
Use-after-free in HTML media elements. (CVE-2018-5102)
Use-after-free during mouse event handling. (CVE-2018-5103)
Use-after-free during font face manipulation. (CVE-2018-5104)
URL spoofing with right-to-left text aligned left-to-right.
(CVE-2018-5117)
Memory safety bugs fixed in Firefox 58, Firefox ESR 52.6, and Thunderbird
52.6. (CVE-2018-5089)
References
- https://bugs.mageia.org/show_bug.cgi?id=22470
- https://www.mozilla.org/en-US/thunderbird/52.6.0/releasenotes/
- https://www.mozilla.org/en-US/security/advisories/mfsa2018-04/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5095
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5096
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5097
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5098
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5099
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5102
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5103
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5104
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5117
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5089
SRPMS
5/core
- thunderbird-52.6.0-1.mga5
- thunderbird-l10n-52.6.0-1.mga5
6/core
- thunderbird-52.6.0-1.mga6
- thunderbird-l10n-52.6.0-1.mga6